FDRERASE/OPEN; First Enterprise Scale Data Protection Solution for Secure Open System Disk Erase Accepted for Common Criteria EAL2+ Evaluation

Business Wire, April 16, 2007

LITTLE FALLS, N.J. -- INNOVATION Data Processing, announces FDRERASE/OPEN as the first enterprise scale data protection solution for secure Open System disk erasure to earn a place on the Common Criteria Evaluation and Validation Scheme (CCEVS) Products and Protection Profiles in Evaluation List for Sensitive Data Protection with a conformance claim of EAL2 .

"FDRERASE/OPEN is the only enterprise scale solution in CCEVS evaluation available today for securely erasing any disk that is accessed by its host computer across a SCSI or Fibre channel connection. Disks can be physical hard drives, or logical disk volumes resident in enterprise disk storage systems (including RAID systems) such as those provided by EMC, Hitachi, IBM, SUN and other vendors.

"Following our successful delivery of FDRERASE for z/OS, the only CCEVS validated solution for secure erase of IBM z/OS mainframe disk, INNOVATION set out to develop a complementary solution to comply with current US Government guidelines for erasing open system data resident in large scale enterprise storage systems. That effort has paid off as we have now received notice on successful completion of the Initial Validation Oversight Review (iVOR) placing FDRERASE/OPEN into Common Criteria EAL2 Augmented Evaluation here in the US," explains Thomas J. Meehan, INNOVATION Data Processing Vice President of Advance Technology; adding "FDRERASE/OPEN employs the same techniques as FDRERASE for z/OS for Secure Erase that satisfies the requirements specified in the Assistant Secretary of Defense (ASD C3I) Memorandum, on Disposition of Unclassified DoD Computer Hard Drives, the definitive Department of Defense directive on the subject."

According to the CCEVS iVOR description FDRERASE/OPEN is an interactive GUI application and a supporting operating system that runs on an x86 architecture computer providing two security erasure functions ERASE and SECUREERASE for the secure removal of data from any disk that is attached to its host computer by a SCSI or Fibre channel connection: ERASE and SECUREERASE overwrite disk to ensure the risk of any data remaining on a disk, is reduced to a level commensurate with the risk of a person scavenging for that data. FDRERASE/OPEN also provides a security audit function enabling a user to confirm that the physical sectors of the disk have indeed been overwritten sufficiently so that no residual information remains. This is the VERIFY function. FDRERASE/OPEN also maintains a History Report as a permanent record of all disks that it erases.

"FDRERASE/OPEN," according to Meehan, "is the open system solution that banks, card payment service providers, computer services providers, educational institutions, financial institutions, government agencies, hospitals, insurance companies and telecommunication companies have been asking for to complement FDRERASE the INNOVATION z/OS solution they are already using to securely erase mainframe data when leaving a DR site or disposing of disk storage systems. The fastest way to securely erase open system data in these same circumstances, the listing as in CCEVS EAL2 evaluation puts FDRERASE/OPEN squarely in the forefront to meet user's compliance requirements."

"It is very clear now; commercial as well as government organizations have the same requirements to erase open system resident data from disk when leaving a DR site and when disposing of disk storage systems, as they have to protect mainframe data from unauthorized access." Meehan went on, "you expect the DoD (Department of Defense) and NSA (National Security Agency) to have rules, but there is also an abundance of strict industry guidelines and federal codes and national legislation in countries around the world requiring sensitive information be cleared from disks prior to disposal or reuse. HIPAA (Health Insurance Portability and Accountability Act), requires sensitive information be cleared from equipment and media prior to disposal or reuse. GLBA (Gramm-Leach-Bliley Act) imposes criminal penalties on financial institutions for failing to preserve privacy of current or legacy client financial data. The Payment Card Industry (e.g. MasterCard, Visa, American Express, Diners Card, Discover and JCB) Data Security Standard requires banks, members, merchants and merchants' service providers to have a data disposal plan, i.e. to purge electronic media so cardholder data cannot be reconstructed."

FDRERASE/OPEN is shown as in evaluation on the Common Criteria Evaluation and Validation Scheme web site Products and Protection Profiles in Evaluation page at http://niap.bahialab.com/cc-scheme/in_evaluation.cfm

About FDRERASE/OPEN (ERASE, SECUREERASE and VERIFY) Security Functions

ERASE

Disk erasures are actually performed by overwriting the stored data to make the original data unrecoverable. ERASE, by default, overwrites each sector on a disk once making all data unrecoverable by any normal program running anywhere that has access to the disk.

SECUREERASE

Overwriting each sector on a disk a minimum of three times, (optionally up to eight overwrites), SECUREERASE renders the original data on a disk unrecoverable, even by sophisticated laboratory techniques applied to hard drives removed from the control unit.